Mozilla to pull antiphishing feature from Firefox 2.0 at Google's request
The browser protection relies on an older blacklist protocol
Computerworld - Mozilla Corp. will drop antiphishing protection from the final version of Firefox 2.0 at Google Inc.'s request when Mozilla updates the browser later this month, a company executive confirmed today.
When Mozilla rolls out Firefox 18.104.22.168, the browser will be missing the antiphishing feature that the aging browser has sported since it debuted in 2006, said Mike Beltzner, director of Firefox, in an e-mail today.
"The latest published update for Firefox 2, which is Version 22.214.171.124, has the Phishing Protection feature enabled and working," Beltzner said. "However, the next planned update for Firefox 2, Version 126.96.36.199, will be required to disable this feature."
Firefox 188.8.131.52, which will be the last security update for the browser before Mozilla discontinues support, is currently slated to ship on Dec. 16, according to notes from a status meeting earlier this week. Mozilla's policy is to support a browser for six months after it has been superseded by a new version. The company unveiled Firefox 3.0 in mid-June.
Dubbed "Phishing Protection" by Mozilla, the feature warns users when they attempt to reach a site suspected of hosting identity theft scams. The list of blocked sites is generated by Google, the search company that provided 88% of Mozilla's revenue during 2007.
Beltzner said Google asked Mozilla to disable the feature in Firefox 184.108.40.206 because the older browser line uses an obsolete protocol.
"The Phishing Protection feature in Firefox 2 relies on data provided by Google via the first version of the SafeBrowsing protocol," said Beltzner, who explained that Google and Mozilla had worked together to update the protocol, first to SafeBrowsing v2.1 late last year, and more recently, to SafeBrowsing v2.2.
Firefox 3.0 has relied on SafeBrowsing v2.1 since its release several months ago, but is transitioning to v2.2 this month for its antiphishing and anti-malware features, both which ping Google's servers for blacklists.
"Now that Firefox 2 is reaching the end of its support life span, we have been asked to turn this feature off as Google will no longer be supporting requests using the obsolete SafeBrowsing v1 protocol," said Beltzner.
Users who download Firefox 220.127.116.11, or update to that version later this month, will be told that the feature has been switched off, Beltzner said.
Firefox 3.0, which is currently at 3.0.4 and scheduled to update to 3.0.5 at the same time Mozilla ships the final Firefox 2.0 update, will continue to offer antiphishing protection. Users of the older browser can update to the newer line by downloading Firefox 3.0, or accepting the automatic upgrade offer that will begin reaching them today.
Beltzner said that Mozilla won't offer any antiphishing work-arounds for Firefox 18.104.22.168 users who want to keep using the older browser, but noted that there are similar tools available elsewhere. Alternatives to Firefox's built-in protection include the Netcraft Toolbar, WOT (Web of Trust) and FirePhish extensions, which can be downloaded from Mozilla's add-on site.
Read more about Security in Computerworld's Security Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!